I am a Shopify store owner. In the admin of my store, in Settings > Notifications > Webhooks, I’ve created a webhook for “order creation” and provided my endpoint URL. Shopify provides a string/token the webhooks will be signed with (presumably for me to use in my code). I am not using webhooks in the context of a Shopify app. This is a simple URL endpoint.
My endpoint URL is an AWS API Gateway for a Lambda function using Node.js. I am currently using a Lambda proxy integration in order to access the entire HTTP request as-is (via a catch-all ANY method), although I’m not sure if this is necessary or working.
I am using the Shopify Node.js library and calling the shopify.webhooks.validate method, which accepts 3 parameters:
- rawBody: The raw body of the request received by the app.
- rawRequest: The HTTP Request object used by your runtime.
- rawResponse: The HTTP Response object used by your runtime. Required for Node.js.
I am assuming this method computes the HMAC digest and compares it to the header value so I do not have to write this code myself.
Questions:
How do I access the raw HTTP Request object and HTTP Response object in this Node.js Lambda environment? In Express it would be req and res. But I am not using Express.
Also, where do I use the webhooks signing string/token Shopify generates for me? Do I use that as the ACCESS_TOKEN? Or do I install the Shopify Headless app and use the private access token under Storefront API?
Node.js code (index.js):
```javascript
import "@shopify/shopify-api/adapters/node";
import { shopifyApi } from "@shopify/shopify-api";

const SHOP_NAME = 'store_shop_name';
const ACCESS_TOKEN = 'store_access_token';

const shopify = shopifyApi({
  shopName: SHOP_NAME,
  accessToken: ACCESS_TOKEN
});

// ES module syntax to match the import statements above
export const handler = async (event, context) => {
  const {isValid, topic, domain} = await shopify.webhooks.validate({
    rawBody: ??, // request body as string
    rawRequest: ??, // http request object
    rawResponse: ?? // http response object
  });
  if (!isValid) {
    return {
      statusCode: 400
    };
  }
  // process here
}
```
Any relevant examples would be greatly appreciated.